ProFTPD module mod_sftp_sql

The mod_sftp module for ProFTPD can support different storage formats for
its user- and host-based authorized keys. By default, the mod_sftp
module supports storing authorized keys in flats. This
mod_sftp_ldap module allows for authorized SSH keys to be stored
in LDAP directories.

This module is contained in the mod_sftp_ldap.c file for
ProFTPD 1.3.x, and is not compiled by default. Installation
instructions are discussed here.

This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

Author

Please contact TJ Saunders <tj at castaglia.org> with any
questions, concerns, or suggestions regarding this module.

after unpacking the latest proftpd-1.3.x source code. Then follow the
usual steps for using third-party modules in proftpd, making sure to include
the mod_sftp and mod_ldap modules, which
mod_sftp_ldap requires. For example, you might use:

./configure --with-modules=mod_ldap:mod_sftp:mod_sftp_ldap ...
make
make install

The mod_sftp_ldap module works by using hooks in the
mod_ldap module code to retrieve authorized user keys during
the LDAP queries. Thus the mod_sftp_ldap module has no
configuration directives of its own.

What should the schema be, for the directory entry which holds these authorized
keys? The mod_sftp_ldap module assumes a posixAccount
user entry with an ldapPublicKey objectclass and
sshPublicKey attributes; multiple sshPublicKey
attributes are allowed.

Which leads to the next question: how can I transfer existing authorized
SSH keys from their current flat files into the LDAP entries? First, you need
to make sure that the key is in the RFC4716 format, using: